Fixes to login module

This commit is contained in:
mposolda 2014-11-14 21:05:44 +01:00
parent 4ebca3ca43
commit b08930961f

View file

@ -25,6 +25,7 @@ import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException; import org.keycloak.VerificationException;
import org.keycloak.constants.GenericConstants; import org.keycloak.constants.GenericConstants;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.PemUtils; import org.keycloak.util.PemUtils;
/** /**
@ -83,19 +84,15 @@ public class BearerTokenLoginModule implements LoginModule {
} }
String principalAttribute = (String) options.get(PRINCIPAL_ATTRIBUTE_OPTION); String principalAttribute = (String) options.get(PRINCIPAL_ATTRIBUTE_OPTION);
kd = new KeycloakDeployment(); AdapterConfig cfg = new AdapterConfig();
kd.setRealm(realm); cfg.setRealm(realm);
kd.setResourceName(resource); cfg.setResource(resource);
kd.setUseResourceRoleMappings(useResourceRoleMappings); cfg.setUseResourceRoleMappings(useResourceRoleMappings);
kd.setPrincipalAttribute(principalAttribute); cfg.setAuthServerUrl(authServerUrl);
if (publicKey != null) { cfg.setBearerOnly(true);
try { cfg.setPrincipalAttribute(principalAttribute);
PublicKey pk = PemUtils.decodePublicKey(publicKey); cfg.setRealmKey(publicKey);
kd.setRealmKey(pk); kd = KeycloakDeploymentBuilder.build(cfg);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
} }
if (kd.getRealmKey() == null) { if (kd.getRealmKey() == null) {
@ -166,7 +163,7 @@ public class BearerTokenLoginModule implements LoginModule {
} }
protected Auth bearerAuth(String username, String tokenString) throws VerificationException { protected Auth bearerAuth(String username, String tokenString) throws VerificationException {
if ("Bearer".equalsIgnoreCase(username)) { if (!"Bearer".equalsIgnoreCase(username)) {
log.fine("Username is expected to be bearer but is " + username + ". Ignoring login module"); log.fine("Username is expected to be bearer but is " + username + ". Ignoring login module");
return null; return null;
} }
@ -198,9 +195,11 @@ public class BearerTokenLoginModule implements LoginModule {
this.subject.getPrincipals().add(auth.getPrincipal()); this.subject.getPrincipals().add(auth.getPrincipal());
this.subject.getPrivateCredentials().add(auth.getTokenString()); this.subject.getPrivateCredentials().add(auth.getTokenString());
for (String roleName : auth.getRoles()) { if (auth.getRoles() != null) {
RolePrincipal rolePrinc = new RolePrincipal(roleName); for (String roleName : auth.getRoles()) {
this.subject.getPrincipals().add(rolePrinc); RolePrincipal rolePrinc = new RolePrincipal(roleName);
this.subject.getPrincipals().add(rolePrinc);
}
} }
return true; return true;